/**
 * 
 */
package org.mspring.mlog.web.module.admin;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.mspring.mlog.common.Keys;
import org.mspring.mlog.entity.security.User;
import org.mspring.mlog.service.security.UserService;
import org.mspring.mlog.web.security.SecurityUtils;
import org.mspring.platform.utils.CookieUtils;
import org.mspring.platform.utils.RequestUtils;
import org.mspring.platform.utils.SessionUtils;
import org.mspring.platform.utils.StringUtils;
import org.mspring.platform.web.ResponseEntity;
import org.mspring.platform.web.freemarker.widget.stereotype.Widget;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @author Gao Youbo
 * @since 2012-7-16
 * @Description
 * @TODO
 */
@Widget
@RequestMapping("/admin")
public class Admin_LoginWidget extends Admin_AbstractWidget {

    @Autowired
    private UserService userService;

    @RequestMapping(value = { "/login" }, method = { RequestMethod.GET })
    public String login(HttpServletRequest request, HttpServletResponse response) {
        boolean flag = SecurityUtils.hasAdminAccessToken(request);
        if (flag) {
            return "/admin/index";
        }
        return "/admin/login";
    }

    @RequestMapping(value = "/login/do", method = RequestMethod.POST)
    @ResponseBody
    public ResponseEntity doLogin(HttpServletRequest request, HttpServletResponse response) {
        ResponseEntity rsp = new ResponseEntity();
        String name = RequestUtils.getRequestParameterAsString(request, "name");
        String password = RequestUtils.getRequestParameterAsString(request, "password");
        String code = RequestUtils.getRequestParameterAsString(request, "code");

        if (StringUtils.isBlank(name)) {
            rsp.setSuccess(false);
            rsp.setMessage("请输入用户名");
            return rsp;
        }
        if (StringUtils.isBlank(password)) {
            rsp.setSuccess(false);
            rsp.setMessage("请输入密码");
            return rsp;
        }
        if (StringUtils.isBlank(code)) {
            rsp.setSuccess(false);
            rsp.setMessage("请输入验证码");
            return rsp;
        }
        String sessionCode = SessionUtils.getAttrAsString(request, Keys.SESSION_VALIDATE_CODE);
        if (!code.equals(sessionCode)) {
            rsp.setSuccess(false);
            rsp.setMessage("验证码输入错误");
            return rsp;
        }
        User user = userService.validateUser(name, password);
        if (user == null) {
            rsp.setSuccess(false);
            rsp.setMessage("登录失败，用户名或密码错误");
            return rsp;
        }
        SecurityUtils.rememberAdmin(user, request, response);
        SecurityUtils.setAdminAccessToken(request, user.getId());
        SecurityUtils.reloadUserDetails(name, request);
        rsp.setSuccess(true);
        return rsp;
    }

    @RequestMapping("/logout")
    public String logout(HttpServletRequest request, HttpServletResponse response, Model model) {
        CookieUtils.setCookie(response, "admin_name", null);
        CookieUtils.setCookie(response, "admin_password", null);
        CookieUtils.setCookie(response, "admin_remember", null);
        SecurityUtils.logout(request);
        return "redirect:/";
    }
}
